Instead of simply emulating old and slow hardware, modern hypervisors use paravirtualized devices to provide guests access to virtual hardware. Bugs in the privileged backend components can allow an attacker to break out of a guest, making them quite an interesting target.
In this talk, I'll present the results of my research on the security of these backend components and discuss Xenpwn, a hypervisor-based memory access tracing tool used to discover multiple critical vulnerabilities in paravirtualized drivers of the Xen hypervisor. If you like virtualization security, race conditions, vulnerabilities introduced by compiler optimizations, or are a big fan of Bochspwn, this is the right talk for you.
Felix Wilhelm is a security researcher working for ERNW Research. His main interests are application security, reverse engineering and virtualization security. Felix has disclosed critical vulnerabilities in popular products such as Xen, Hyper-V, IBM GPFS or FireEye's MPS and has presented his work at international conferences like Syscan, Hack in the Box, 44Con, Infiltrate and Troopers.